Vulnerability Name: | CVE-2006-0003 (CCN-25006) | ||||||||||||||||||||||||
Assigned: | 2005-11-09 | ||||||||||||||||||||||||
Published: | 2006-04-11 | ||||||||||||||||||||||||
Updated: | 2018-10-19 | ||||||||||||||||||||||||
Summary: | Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. | ||||||||||||||||||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2006-0003 Source: CCN Type: SA19583 Microsoft Data Access Components RDS.Dataspace ActiveX Vulnerability Source: SECUNIA Type: Vendor Advisory 19583 Source: CCN Type: SA20719 Hitachi Products MDAC RDS.Dataspace ActiveX Vulnerability Source: SECUNIA Type: UNKNOWN 20719 Source: CCN Type: SECTRACK ID: 1015894 Microsoft Data Access Components RDS.Dataspace Access Control Bug Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015894 Source: CCN Type: ASA-2006-079 Windows Security Updates for April 2006 - (MS06-013 - MS06-017) Source: CONFIRM Type: UNKNOWN http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html Source: CONFIRM Type: UNKNOWN http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html Source: CCN Type: US-CERT VU#234812 RDS.Dataspace ActiveX control bypasses ActiveX security model Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#234812 Source: CCN Type: Microsoft Security Bulletin MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) Source: CCN Type: Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) Source: OSVDB Type: UNKNOWN 24517 Source: CCN Type: OSVDB ID: 24517 Microsoft Data Access Components RDS.Dataspace ActiveX Remote Code Execution Source: BUGTRAQ Type: UNKNOWN 20070729 Exploit In Internet Explorer Source: BUGTRAQ Type: UNKNOWN 20070730 Re: Exploit In Internet Explorer Source: BUGTRAQ Type: UNKNOWN 20070730 RE: Exploit In Internet Explorer Source: BUGTRAQ Type: UNKNOWN 20070731 Re: Exploit In Internet Explorer Source: BUGTRAQ Type: UNKNOWN 20080128 Exploit in IE6,7 Source: BUGTRAQ Type: UNKNOWN 20080128 Re: Exploit in IE6,7 Source: BID Type: UNKNOWN 17462 Source: CCN Type: BID-17462 Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability Source: BID Type: UNKNOWN 20797 Source: CCN Type: BID-20797 Retired: Microsoft Internet Explorer Unspecified Code Execution Vulnerability Source: MISC Type: UNKNOWN http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-101A Microsoft Windows and Internet Explorer Vulnerabilities Source: CERT Type: Third Party Advisory, US Government Resource TA06-101A Source: VUPEN Type: UNKNOWN ADV-2006-1319 Source: VUPEN Type: UNKNOWN ADV-2006-2452 Source: CCN Type: Internet Security Systems Protection Alert - April 11, 2006 Microsoft MDAC Remote Code Execution Source: MS Type: UNKNOWN MS06-014 Source: XF Type: UNKNOWN mdac-rdsdataspace-execute-code(25006) Source: XF Type: UNKNOWN mdac-rdsdataspace-execute-code(25006) Source: XF Type: UNKNOWN ie-wscriptshell-command-execution(29915) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1204 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1323 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1511 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1742 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1778 Source: EXPLOIT-DB Type: UNKNOWN 2052 Source: EXPLOIT-DB Type: UNKNOWN 2164 | ||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
BACK |